Module 10: Monitoring ISA Server 2004 Overview Monitoring Overview Configuring Alerts Configuring Session Monitoring Configuring Logging Configuring Reports Monitoring Connectivity Monitoring Services and Performance Lesson: Monitoring Overview Why Implement Monitoring? ISA Server Monitoring Components Designing a Monitoring and Reporting Strategy Using the ISA Server Dashboard for Monitoring Why Implement Monitoring? Use monitoring to: Use monitoring to: Monitor traffic between networks to ensure that only legitimate traffic passes between networks Troubleshoot network connectivity between ISA Server clients, servers, and networks Collect information about attacks and to detect attacks as they occur Plan future modifications to the ISA Server or Internet access infrastructure Monitor traffic between networks to ensure that only legitimate traffic passes between networks Troubleshoot network connectivity between ISA Server clients, servers, and networks Collect information about attacks and to detect attacks as they occur Plan future modifications to the ISA Server or Internet access infrastructure ISA Server Monitoring Components Components Explanation Alerts Monitors ISA Server for configured events and then performs actions when the specified events occur Sessions Provides information on the current client sessions Logging Provides detailed archived information about the Web Proxy, Microsoft Firewall service, or SMTP Message Screener Reports Summarizes information about the usage patterns on ISA Server Connectivity Monitors connections from ISA Server to any other computer or URL on any network Performance Monitors server performance in real time, create a log file of server performance or configure performance alerts Designing a Monitoring and Reporting Strategy When: Determine: Monitoring real- time information Which events should trigger an alert The event threshold before the alert is triggered The information that you need to monitor server performance Collecting long- term information The information you need to monitor server performance over time The information you need to monitor server usage The information you need to monitor security events Developing a response strategy How to respond to the critical events that occur on the ISA Server Using the ISA Server Dashboard for Monitoring Monitor connections Monitor connections Monitor alerts Monitor alerts Monitor sessions Monitor sessions Monitor traffic Monitor traffic Lesson: Configuring Alerts What Is an Alert? How to Configure Alert Definitions How to Configure Alert Events and Conditions How to Configure Alert Actions Alert Management Tasks What Is an Alert? An alert is: An alert is: A notification of an event or action that has occurred on ISA Server Triggered according to the conditions and trigger thresholds specified for the event associated with the alert A notification of an event or action that has occurred on ISA Server Triggered according to the conditions and trigger thresholds specified for the event associated with the alert When a server event takes place and records an alert: When a server event takes place and records an alert: The ISA Server Management console displays the alert in the Alerts view An entry appears in the alerts view that lists column headings such as type of alert, the date and time, status, and category The ISA Server Management console displays the alert in the Alerts view An entry appears in the alerts view that lists column headings such as type of alert, the date and time, status, and category How to Configure Alert Definitions [...]... configure an alert to stop the ISA Server Firewall Service, ISA Server goes into a lockdown mode While in lockdown mode, ISA Server blocks most network traffic Practice: Configuring and Managing Alerts Creating a New Alert Definition Modifying an Existing Alert Definition Gen-Web-01 Den -ISA- 01 Den-Clt-01 Den-DC-01 Internet Lesson: Configuring Session Monitoring What Is Session Monitoring? About Managing... running ISA Server Management  By double-clicking the report name in the Report view of ISA Server Management How to Publish Reports You can publish reports to a shared folder where users without ISA Server Management installed can view the reports Practice: Configuring Reports Generating a Report Creating a Recurring Report Job Den -ISA- 01 Gen-Web-01 Internet Den-Msg-01 Den-DC-01 Lesson: Monitoring. .. Connectivity Monitoring Work? Configuring Connectivity Monitoring How Does Connectivity Monitoring Work? Connectivity monitoring: Uses connectivity verifiers to monitor connections from ISA Server to other servers or URLs Can be configured to use any of the following in connection methods:  Ping to check for simple network connectivity  TCP connection to verify that a service is running on the destination server. .. format Only available format for SMTP message screener logs The MSDE and log files are stored by default in the ISALogs folder, which is located in the ISA Server installation folder How to Configure Logging Configure log storage format Configure the information captured in the logs How to View ISA Server Logs How to Configure Log Filter Definitions Add multiple filters Configure filters to view specific... Add multiple filters Configure filters to view specific sessions Practice: Configuring Session Monitoring Monitoring Sessions Applying a Session Filter Gen-Web-01 Den -ISA- 01 Den-Clt-01 Den-DC-01 Internet Lesson: Configuring Logging What Is Logging? Log Storage Options How to Configure Logging How to View ISA Server Logs How to Configure Log Filter Definitions What Is Logging? The logging feature: Provides... Provides a log viewer to assist in monitoring and analyzing server activity for MSDE-based logs Log Storage Options Log storage option: Explanation: Logs can be viewed in the log viewer MSDE Default format for Web proxy and Firewall Service logs Logs can be stored on separate server SQL database File Logs can be analyzed by using database tools Logs can be stored in W3C or ISA Server format Only available... Internet Lesson: Configuring Session Monitoring What Is Session Monitoring? About Managing Sessions How to Configure Session Filtering What Is Session Monitoring? Session monitoring: Provides real-time information about client sessions hosted through ISA Server Includes information on: When the session was established The session type The source network The client user name and computer name Provides... for simple network connectivity  TCP connection to verify that a service is running on the destination server  HTTP GET request to verify that a Web server is running on the destination server Configuring Connectivity Monitoring Configure the URL or server to connect to Configure the method used to test connectivity Configure the timeout for the connection attempt . Module 10: Monitoring ISA Server 2004 Overview Monitoring Overview Configuring Alerts Configuring Session Monitoring Configuring. Logging Configuring Reports Monitoring Connectivity Monitoring Services and Performance Lesson: Monitoring Overview Why Implement Monitoring? ISA Server Monitoring Components Designing